BreachExchange mailing list archives

Chinese Hackers Steal DRDO Data: Biggest Security Breach in The Indian Defense Establishment


From: Erica Absetz <eabsetz () opensecurityfoundation org>
Date: Thu, 14 Mar 2013 13:57:21 -0400

http://www.gizbot.com/tech-biz/chinese-hackers-steal-drdo-data-biggest-security-breach-011092.html

The official website of the Defence Research and Development Organisation
(DRDO) has been breached by Chinese hackers. Thousands of top secret
files related to the Cabinet Committee on Security (CCS) have been
stolen and posted on a server in Guangdong, reports Mumbai newspaper
DNA.

Apparently this is the biggest security breach in the Indian defense
establishment until now.

The breach was reportedly discovered in the first week of this month,
when officials from India's technical intelligence wing, National
Technical Research Organisation (NTRO), along with private Indian
cyber security experts cracked open a file called "army cyber policy".
The file was found attached to hacked email accounts of senior DRDO
officials that quickly spread through the system in a matter of
seconds. NTRO found that the sensitive files stolen from the infected
systems were being uploaded on a server in Guangdong, China.

Indian cyber security experts have found thousands of top secret CCS
files, and other documents related to surface-to-air missile and radar
programmes from DRDL, a DRDO lab based in Hyderabad, among many other
establishments. Even the e-tickets of DRDO scientists who had
travelled to Delhi in February were found on the server.

Intelligence officials also discovered documents of deals struck
between DRDO and Bharat Dynamics Ltd, a defense PSU which makes
strategic missiles and components.

Other recovered files related to price negotiations with MBDA, a
French missile manufacturing company.

This is the first time an Indian cyber intelligence team has
successfully tracked the hacking location.

The Chinese attack is believed to be officially sponsored. Apart
from DRDO files, sensitive data belonging to South Korea, Russia, and
the United States was also found on the Chinese server. The server is
suspected to be used for a specific purpose.